Business data stored in databases and archived in long-term storages may include a wide range of data objects. Some of the data objects may include information that is required by regulations to be treated in specific manners. Different regulations may have different objectives and thus different requirements on how to handle the business data. For example, privacy and protection laws may require that certain personal information be made inaccessible under certain conditions such as after a first stipulated period of time. On the other hand, security regulations such as tax law may require that financial records be preserved for a second stipulated period of time. Thus, a brute-force approach such as destroying the business data after the first speculated period of time to meet the requirements of the privacy and protection laws may not be appropriate since the business data may be required by security regulations to be preserved even after the first stipulated period of time.
Another issue associated with data protection is that business data may be accessed via a number of access paths. Thus, when the access to the business data is protected from one access path, it still may not be safe since the protection may be circumvented via other access paths.
A further issue relating to protecting business data in compliance with regulations is how to properly use existing business data as test data in business software development. Testing data is commonly used to test business software applications that are under development. The testing data may be simulated (or artificial) test data or real data extracted from business data. Testing the business software application using only simulated data, although convenient, can be unreliable since it does not reflect reality. To ensure the robustness of the business software applications, real data may be needed for testing. However, real test data extracted from existing business data may contain information whose usage is subject to government regulations and laws. For example, certain personal information may need to be anonymized in the test data under privacy and protection laws.